7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
48.7%
CentOS Errata and Security Advisory CESA-2005:709
GDB, the GNU debugger, allows debugging of programs written in C, C++,
and other languages by executing them in a controlled fashion, then
printing their data.
Several integer overflow bugs were found in gdb. If a user is tricked
into processing a specially crafted executable file, it may allow the
execution of arbitrary code as the user running gdb. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1704 to this issue.
A bug was found in the way gdb loads .gdbinit files. When a user executes
gdb, the local directory is searched for a .gdbinit file which is then
loaded. It is possible for a local user to execute arbitrary commands as
the victim running gdb by placing a malicious .gdbinit file in a location
where gdb may be run. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.
This updated package also addresses the following issues:
GDB on ia64 had previously implemented a bug fix to work-around a kernel
problem when creating a core file via gcore. The bug fix caused a
significant slow-down of gcore.
GDB on ia64 issued an extraneous warning when gcore was used.
GDB on ia64 could not backtrace over a sigaltstack.
GDB on ia64 could not successfully do an info frame for a signal trampoline.
GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.
GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.
GDB could not build with gcc4 when -Werror flag was set.
GDB had problems printing inherited members of C++ classes.
A few updates from mainline sources concerning Dwarf2 partial die in
cache support, follow-fork support, interrupted syscall support, and
DW_OP_piece read support.
All users of gdb should upgrade to this updated package, which resolves
these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-October/074405.html
https://lists.centos.org/pipermail/centos-announce/2005-October/074408.html
Affected packages:
gdb
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:709
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | gdb | < 6.3.0.0-1.63 | gdb-6.3.0.0-1.63.ia64.rpm |
CentOS | 4 | s390 | gdb | < 6.3.0.0-1.63 | gdb-6.3.0.0-1.63.s390.rpm |
CentOS | 4 | s390x | gdb | < 6.3.0.0-1.63 | gdb-6.3.0.0-1.63.s390x.rpm |